CVE-2023-27317

ONTAP 9 versions 9.12.1P8, 9.13.1P4, and 9.13.1P5 are susceptible to a 
vulnerability which will cause all SAS-attached FIPS 140-2 drives to 
become unlocked after a system reboot or power cycle or a single 
SAS-attached FIPS 140-2 drive to become unlocked after reinsertion. This
 could lead to disclosure of sensitive information to an attacker with 
physical access to the unlocked drives.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
netappCNA
4.3 MEDIUM
PHYSICAL
LOW
NONE
CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 56%
Affected Products (NVD)
VendorProductVersion
netappontap
9.12.1:p8
netappontap
9.13.1:p4
netappontap
9.13.1:p5
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
netappontap_9
9.12.1P8
CNA
netappontap_9
9.13.1P4
CNA
netappontap_9
9.13.1P5
CNA
Common Weakness Enumeration
References
https://security.netapp.com/advisory/NTAP-20231215-0001/
https://security.netapp.com/advisory/NTAP-20231215-0001/
https://security.netapp.com/advisory/ntap-20231215-0001/